2025-04-16
2025-04-16 11:15Z
HIGH

CVE-2025-30960 — Authorization: Missing Authorization vulnerability in fs-code FS Poster fs-poster.This issue affects FS Poster: from n/a

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30960

Missing Authorization vulnerability in fs-code FS Poster fs-poster.This issue affects FS Poster: from n/a through <= 6.5.8. CVSSv3.1 8.3 (HIGH)

CWECWE 862TYPVulnerability
8.3
CVSS v3.1
92
Edit Score
2025-04-15
2025-04-15 22:15Z
CRIT

CVE-2025-30967 — Site: Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard wpjobboard allows Upload a Web Shell

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30967

Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard wpjobboard allows Upload a Web Shell to a Web Server.This issue affects WPJobBoard: from n/a through < 5.11.1. CVSSv3.1 9.6 (CRITICAL)

CWECWE 352TYPVulnerability
9.6
CVSS v3.1
98
Edit Score
2025-04-15
2025-04-15 22:15Z
CRIT

CVE-2025-26927 — Upload: Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-26927

Unrestricted Upload of File with Dangerous Type vulnerability in LiquidThemes AI Hub aihub allows Upload a Web Shell to a Web Server.This issue affects AI Hub: from n/a through <= 1.3.7. CVSSv3.1 10.0 (CRITICAL)

CWECWE 434TYPVulnerability
10.0
CVSS v3.1
100
Edit Score
2025-04-15
2025-04-15 22:15Z
HIGH

CVE-2025-26748 — Site: Cross-Site Request Forgery (CSRF) vulnerability in looswebstudio Arkhe arkhe allows PHP Local File Inclusion.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-26748

Cross-Site Request Forgery (CSRF) vulnerability in looswebstudio Arkhe arkhe allows PHP Local File Inclusion.This issue affects Arkhe: from n/a through <= 3.12.0. CVSSv3.1 8.1 (HIGH)

CWECWE 352TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-04-15
2025-04-15 16:16Z
CRIT

CVE-2025-32911 — A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32911

A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server. CVSSv3.1 9.0 (CRITICAL) · EPSS 52th percentile

CWECWE 590TYPVulnerability
9.0
CVSS v3.1
95
Edit Score
2025-04-15
2025-04-15 12:15Z
CRIT

CVE-2025-30985 — Deserialization: of Untrusted Data vulnerability in kagla GNUCommerce gnucommerce allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-30985

Deserialization of Untrusted Data vulnerability in kagla GNUCommerce gnucommerce allows Object Injection.This issue affects GNUCommerce: from n/a through <= 1.5.4. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-04-15
2025-04-15 12:15Z
HIGH

CVE-2025-26959 — Authorization: Missing Authorization vulnerability in Quý Lê 91 Administrator Z administrator-z allows Privilege Escalation.This issue

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-26959

Missing Authorization vulnerability in Quý Lê 91 Administrator Z administrator-z allows Privilege Escalation.This issue affects Administrator Z: from n/a through <= 2025.03.24. CVSSv3.1 8.8 (HIGH)

CWECWE 862TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
728 × 90 / responsive · programmatic ad slot
2025-04-15
2025-04-15 12:15Z
HIGH

CVE-2025-26741 — Authorization: Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates wp-update-mail-notification allows Privilege Escalation.This

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-26741

Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates wp-update-mail-notification allows Privilege Escalation.This issue affects Email Notifications for Updates: from n/a through <= 1.1.6. CVSSv3.1 8.8 (HIGH)

CWECWE 862TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-14
2025-04-14 19:15Z
CRIT

CVE-2025-1782 — HylaFAX: In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-1782

In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated with a valid user account. CVSSv3.1 9.9 (CRITICAL)

CWECWE 94VNDHylafaxTYPVulnerability
9.9
CVSS v3.1
100
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32681 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32681

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Guru Error Log Viewer error-log-viewer-wp allows Blind SQL Injection.This issue affects Error Log Viewer: from n/a through <= 1.0.5. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32672 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32672

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Ultimate Bootstrap Elements for Elementor ultimate-bootstrap-elements-for-elementor allows PHP Local File Inclusion.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through <= 1.4.9. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32663 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32663

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Cooming Soon fat-coming-soon allows PHP Local File Inclusion.This issue affects FAT Cooming Soon: from n/a through <= 1.1. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32656 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32656

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion.This issue affects Testimonial Slider And Showcase Pro: from n/a through <= 2.3.15. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32654 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32654

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Stylemix Motors motors-car-dealership-classified-listings allows PHP Local File Inclusion.This issue affects Motors: from n/a through <= 1.4.71. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32650 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32650

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ability, Inc Accessibility Suite online-accessibility allows SQL Injection.This issue affects Accessibility Suite: from n/a through <= 4.18. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32633 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in neoslab

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32633

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in neoslab Database Toolset database-toolset allows Path Traversal.This issue affects Database Toolset: from n/a through <= 1.8.4. CVSSv3.1 8.6 (HIGH)

CWECWE 22TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32631 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in oxygensuite

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32631

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in oxygensuite Oxygen MyData for WooCommerce oxygen-mydata allows Path Traversal.This issue affects Oxygen MyData for WooCommerce: from n/a through <= 1.0.64. CVSSv3.1 8.6 (HIGH)

CWECWE 22TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32629 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CMSJunkie

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32629

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory wp-businessdirectory allows Path Traversal.This issue affects WP-BusinessDirectory: from n/a through <= 3.1.2. CVSSv3.1 8.6 (HIGH)

CWECWE 22TYPVulnerability
8.6
CVSS v3.1
93
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32627 — Joomsky Js_job_manager: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32627

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Job Manager js-jobs allows PHP Local File Inclusion.This issue affects JS Job Manager: from n/a through <= 2.0.2. CVSSv3.1 8.1 (HIGH)

CWECWE 98VNDJoomskyTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32618 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32618

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PickPlugins Wishlist wishlist allows SQL Injection.This issue affects Wishlist: from n/a through <= 1.0.46. CVSSv3.1 8.5 (HIGH)

CWECWE 89TYPVulnerability
8.5
CVSS v3.1
93
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32614 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32614

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion.This issue affects EventON: from n/a through <= 2.4. CVSSv3.1 8.8 (HIGH)

CWECWE 98TYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2025-04-11
2025-04-11 09:15Z
CRIT

CVE-2025-32607 — Deserialization: of Untrusted Data vulnerability in magepeopleteam WpBookingly service-booking-manager allows Object Injection.This issue affects

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32607

Deserialization of Untrusted Data vulnerability in magepeopleteam WpBookingly service-booking-manager allows Object Injection.This issue affects WpBookingly: from n/a through <= 1.3.0. CVSSv3.1 9.8 (CRITICAL)

CWECWE 502TYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2025-04-11
2025-04-11 09:15Z
CRIT

CVE-2025-32603 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32603

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK WP Online Users Stats wp-online-users-stats allows Blind SQL Injection.This issue affects WP Online Users Stats: from n/a through <= 1.0.0. CVSSv3.1 9.3 (CRITICAL)

CWECWE 89TYPVulnerability
9.3
CVSS v3.1
97
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32589 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32589

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in odude Flexi – Guest Submit flexi allows PHP Local File Inclusion.This issue affects Flexi – Guest Submit: from n/a through <= 4.28. CVSSv3.1 8.1 (HIGH)

CWECWE 98TYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2025-04-11
2025-04-11 09:15Z
HIGH

CVE-2025-32587 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in pickupp

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2025-32587

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in pickupp WooCommerce Pickupp wc-pickupp allows PHP Local File Inclusion.This issue affects WooCommerce Pickupp: from n/a through <= 2.4.3. CVSSv3.1 8.1 (HIGH)

CWECWE 22TYPVulnerability
8.1
CVSS v3.1
91
Edit Score